On Sat, Apr 07, 2012 at 07:36:56PM +0100, Dale Amon wrote:
> On Sat, Apr 07, 2012 at 11:23:40AM -0400, Sam Smith wrote:
> >
> > here's what they say about FOSS
> > https://spideroak.com/engineering_matters#open_source
> >
> > note that Canonical has cloud stuff that is not open source. Some com
On Sun, Apr 08, 2012 at 11:55:25AM +0800, John McCabe-Dansted wrote:
> > LastPass may be secure today, but it is trivially easy for LastPass
> > (or a hypothetical attacker who gains access to LastPass's
> > infrastructure) to compromise that security simply by replacing the
> > javascript code whi
> LastPass may be secure today, but it is trivially easy for LastPass
> (or a hypothetical attacker who gains access to LastPass's
> infrastructure) to compromise that security simply by replacing the
> javascript code which does the client side encryption and decryption
> with some code that also
On Sat, Apr 07, 2012 at 11:23:40AM -0400, Sam Smith wrote:
>
> here's what they say about FOSS
> https://spideroak.com/engineering_matters#open_source
>
> note that Canonical has cloud stuff that is not open source. Some companies
> apparently can't remain competitive if everything is open sou
om: a...@vnl.com
> To: smick...@hotmail.com
> CC: ubuntu-devel-discuss@lists.ubuntu.com
> Subject: Re: Ubuntu One needs cloud encryption like LastPass does it
>
> On Thu, Apr 05, 2012 at 06:42:23PM -0400, Sam Smith wrote:
> >
> > The point is that SpiderOak (and Lastpas
On Thu, Apr 05, 2012 at 09:18:37PM -0400, Paul Smith wrote:
> I'm sure that they felt that forcing you to keep both the passphrase AND
> the crypto key yourself was simply not a commercially viable solution
> for the general public. It would be nice if they offered an option
> (with appropriate ca
On Fri, 2012-04-06 at 01:41 +0100, Dale Amon wrote:
> I do not know the details, so I will ask: is it the case that:
All we can know for sure is the way the system is DOCUMENTED to work, as
I said in my other email.
> * The user crypto key is generated on the
> the user machine.
Ye
On Thu, 2012-04-05 at 18:33 -0500, Jordon Bedwell wrote:
> On Thu, Apr 5, 2012 at 5:42 PM, Sam Smith wrote:
> > The point is that SpiderOak (and Lastpass) never know the user's password.
> > And never receive the encryption key. The key never leaves the user's
> > computer. The server never gets i
Six statements rather... I added the other two
initial ones as I thought more deeply on it.
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
On 04/05/2012 01:33 PM, Jordon Bedwell wrote:
On Thu, Apr 5, 2012 at 5:42 PM, Sam Smith wrote:
The point is that SpiderOak (and Lastpass) never know the user's password.
And never receive the encryption key. The key never leaves the user's
computer. The server never gets it. The only thing that
I would not be so harsh on these companies. They
are very quietly *told* that they will comply
with the will of certain agencies. Or else. And
they are not allowed to tell their customers. Or
else... But they are trying to sell security. So
what are they going to do? They are going to
do a doubleth
On Thu, Apr 5, 2012 at 5:42 PM, Sam Smith wrote:
> The point is that SpiderOak (and Lastpass) never know the user's password.
> And never receive the encryption key. The key never leaves the user's
> computer. The server never gets it. The only thing that ever lands on the
> server is an encrypted
On Thu, Apr 05, 2012 at 06:42:23PM -0400, Sam Smith wrote:
>
> The point is that SpiderOak (and Lastpass) never know the user's password.
> And never receive the encryption key. The key never leaves the user's
> computer. The server never gets it. The only thing that ever lands on the
> server
cryption key and can access the data anytime they want. If Apple
can access the data, a rogue employee and a hacker can potentially access the
data.
> Date: Thu, 5 Apr 2012 11:32:33 -0500
> Subject: Re: Ubuntu One needs cloud encryption like LastPass does it
> From: jor...@envygeeks.com
&
On Thu, Apr 05, 2012 at 11:32:33AM -0500, Jordon Bedwell wrote:
> On Thu, Apr 5, 2012 at 8:18 AM, Dale Amon wrote:
> Encrypting the encryption key has nothing to do with security, you
I agree.
> dedicated crypto hardware. Then you have to re-upload all that data
> again, wasting their bandwidth
On Thu, Apr 5, 2012 at 8:18 AM, Dale Amon wrote:
> On Wed, Apr 04, 2012 at 07:55:09PM -0400, Sam Smith wrote:
>>
>> I use "SpiderOak" because it offers client-side encryption. It provides the
>> security & privacy I seek.
>>
>> I'd prefer to use Ubuntu One, but until it supports client-side AES 2
On Wed, Apr 04, 2012 at 07:55:09PM -0400, Sam Smith wrote:
>
> I use "SpiderOak" because it offers client-side encryption. It provides the
> security & privacy I seek.
>
> I'd prefer to use Ubuntu One, but until it supports client-side AES 256-bit
> encryption & additionally encrypts the decryp
won't even consider it.
From: jtodd...@hotmail.com
To: m...@funkyhat.org; ubuntu-devel-discuss@lists.ubuntu.com
Subject: RE: Ubuntu One needs cloud encryption like LastPass does it
Date: Sat, 24 Mar 2012 08:57:19 -0400
Even assuming this is true, why is it still not a good idea for Ubunt
Even assuming this is true, why is it still not a good idea for Ubuntu One to
implement the same encryption setup of the user having the only key.
> From: m...@funkyhat.org
> Date: Sat, 24 Mar 2012 02:00:20 +
> Subject: Re: Ubuntu One needs cloud encryption like LastPass does it
&g
On 23 March 2012 23:36, Jason Todd wrote:
> Guys, please read these (or listen to the podcasts):
> http://www.grc.com/sn/sn-256.htm
> http://www.grc.com/sn/sn-257.htm
>
> Things being said seem to conflict with what I learned from this episode of
> security now on how lastpass works. Essentially:
data except the user.
> Date: Fri, 23 Mar 2012 18:25:04 -0500
> Subject: Re: Ubuntu One needs cloud encryption like LastPass does it
> From: jor...@envygeeks.com
> To: smick...@hotmail.com
> CC: ubuntu-devel-discuss@lists.ubuntu.com
>
> On Fri, Mar 23, 2012 at 1:34
On Fri, Mar 23, 2012 at 1:34 PM, Sam Smith wrote:
> Everything you said, you can do with LastPass: "make it more convenient,
> access your files from anywhere (including the website), stream your own
> music, share your files"
>
> Using secure encryption that occurs on the computer before it leave
On Fri, Mar 23, 2012 at 3:34 PM, Sam Smith wrote:
>
> Using secure encryption that occurs on the computer before it leaves for the
> cloud does not prevent any of the things you seem to think it does.
Of course it does, if it's encrypted, and only you can access it, then
it can't be displayed on
s for the
cloud does not prevent any of the things you seem to think it does.
> From: be...@ubuntu.com
> Date: Thu, 22 Mar 2012 16:32:09 -0300
> Subject: Re: Ubuntu One needs cloud encryption like LastPass does it
> To: jtodd...@hotmail.com
> CC: ubuntu-devel-discuss@lists.ubuntu.com
On Thu, Mar 22, 2012 at 6:38 PM, Martin Pool wrote:
>> ...but then you wouldn't be able to interact with your data beyond
>> your own computers.
>> Ubuntu One's focus is to make it more convenient, access your files
>> from anywhere (including the website), stream your own music, share
>> your fil
>
> ...but then you wouldn't be able to interact with your data beyond
> your own computers.
> Ubuntu One's focus is to make it more convenient, access your files
> from anywhere (including the website), stream your own music, share
> your files, and well, more to come in that direction.
>
For pho
On Thu, Mar 22, 2012 at 3:41 PM, Jason Todd wrote:
> I wanted to leave a note expressing my hopes that if Ubuntu One ever gets
> encryption capabilities, that the encryption be implemented in the same way
> that LASTPASS does it (http://lastpass.com). Which is that the data is all
> encrypted on t
I read an article today about how Apple iCloud encrypts user data. It left me
wishing Ubuntu One encrypted user data.
Personally, I don't use cloud services unless my data is encrypted before it
leaves my computer.
I wanted to leave a note expressing my hopes that if Ubuntu One ever gets
enc
28 matches
Mail list logo